I think if that would happen with integration with hardware wallet then you probably would want to have the master password as your private seed wouldn't you? It would be the ultimate last line of defence. The owner key may then have to just be changing posting, active, memo and owner keys whilst leaving the master as just that.
That way the owner becomes the one that continually changes? Not sure the technical side of it but that makes more sense to me and keeps in line with other hardware wallet usability?
I believe you are correct and there is indeed a way to change the owner key without changing the master KEY. For example the hardware wallets usually use BIP-39 (i think), it's combination of 24 words from a list of 2048. However, the master PW on steem can actually be anything (use the random generator). So yeah, it could generate an infinite series of keys. But this is why it is difficult to program. It better indeed meet cryptographic standards when generating new owner keys.